From 4f73d2d7b4f2ba743c47e8be0248da03661af1d7 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Fri, 18 Nov 2011 14:09:12 +0000 Subject: main/nss: security fix (CVE-2011-3640) ref #815 ref #816 --- main/nss/APKBUILD | 9 ++- main/nss/cve-2011-3640.patch | 141 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 147 insertions(+), 3 deletions(-) create mode 100644 main/nss/cve-2011-3640.patch diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD index c507cdba24..c8b1199456 100644 --- a/main/nss/APKBUILD +++ b/main/nss/APKBUILD @@ -2,7 +2,7 @@ pkgname=nss pkgver=3.12.11 _ver=${pkgver//./_} -pkgrel=0 +pkgrel=1 pkgdesc="Mozilla Network Security Services" url="http://www.mozilla.org/projects/security/pki/nss/" arch="all" @@ -15,7 +15,9 @@ source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src nss.pc.in nss-config.in add_spi+cacert_ca_certs.patch - ssl-renegotiate-transitional.patch" + ssl-renegotiate-transitional.patch + cve-2011-3640.patch + " depends_dev="nspr-dev" _builddir="$srcdir"/$pkgname-$pkgver @@ -142,4 +144,5 @@ e5c97db0c884d5f4cfda21e562dc9bba nss-no-rpath.patch c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in 46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in 7f39c19b1dfd62d7db7d8bf19f156fed add_spi+cacert_ca_certs.patch -d83c7b61abb7e9f8f7bcd157183d1ade ssl-renegotiate-transitional.patch" +d83c7b61abb7e9f8f7bcd157183d1ade ssl-renegotiate-transitional.patch +6fa44457270956d634abe15d1f3340ab cve-2011-3640.patch" diff --git a/main/nss/cve-2011-3640.patch b/main/nss/cve-2011-3640.patch new file mode 100644 index 0000000000..ced9915102 --- /dev/null +++ b/main/nss/cve-2011-3640.patch @@ -0,0 +1,141 @@ +Index: mozilla/security/nss/lib/softoken/sftkmod.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v +retrieving revision 1.8 +diff -p -u -r1.8 sftkmod.c +--- a/mozilla/security/nss/lib/softoken/sftkmod.c 15 Jan 2011 20:59:11 -0000 1.8 ++++ b/mozilla/security/nss/lib/softoken/sftkmod.c 2 Oct 2011 14:45:28 -0000 +@@ -179,15 +179,18 @@ char *sftk_getOldSecmodName(const char * + char *sep; + + sep = PORT_Strrchr(dirPath,*PATH_SEPARATOR); +-#ifdef WINDOWS ++#ifdef _WIN32 + if (!sep) { +- sep = PORT_Strrchr(dirPath,'/'); ++ /* pkcs11i.h defines PATH_SEPARATOR as "/" for all platforms. */ ++ sep = PORT_Strrchr(dirPath,'\\'); + } + #endif + if (sep) { +- *(sep)=0; ++ *sep = 0; ++ file = PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename); ++ } else { ++ file = PR_smprintf("%s", filename); + } +- file= PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename); + PORT_Free(dirPath); + return file; + } +@@ -242,13 +245,18 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons + char *paramsValue=NULL; + PRBool failed = PR_TRUE; + +- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { ++ if ((dbname != NULL) && ++ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) { + return sftkdbCall_ReadSecmodDB(appName, filename, dbname, params, rw); + } + + moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **)); + if (moduleList == NULL) return NULL; + ++ if (dbname == NULL) { ++ goto return_default; ++ } ++ + /* do we really want to use streams here */ + fd = fopen(dbname, "r"); + if (fd == NULL) goto done; +@@ -405,7 +413,11 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons + moduleString = NULL; + } + done: +- /* if we couldn't open a pkcs11 database, look for the old one */ ++ /* If we couldn't open a pkcs11 database, look for the old one. ++ * This is necessary to maintain the semantics of the transition from ++ * old to new DB's. If there is an old DB and not new DB, we will ++ * automatically use the old DB. If the DB was opened read/write, we ++ * create a new db and upgrade it from the old one. */ + if (fd == NULL) { + char *olddbname = sftk_getOldSecmodName(dbname,filename); + PRStatus status; +@@ -462,6 +474,8 @@ bail: + PR_smprintf_free(olddbname); + } + } ++ ++return_default: + + if (!moduleList[0]) { + char * newParams; +@@ -515,7 +529,8 @@ sftkdb_ReleaseSecmodDBData(SDBType dbTyp + const char *filename, const char *dbname, + char **moduleSpecList, PRBool rw) + { +- if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { ++ if ((dbname != NULL) && ++ ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) { + return sftkdbCall_ReleaseSecmodDBData(appName, filename, dbname, + moduleSpecList, rw); + } +@@ -546,6 +561,10 @@ sftkdb_DeleteSecmodDB(SDBType dbType, co + PRBool skip = PR_FALSE; + PRBool found = PR_FALSE; + ++ if (dbname == NULL) { ++ return SECFailure; ++ } ++ + if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { + return sftkdbCall_DeleteSecmodDB(appName, filename, dbname, args, rw); + } +@@ -669,6 +688,10 @@ sftkdb_AddSecmodDB(SDBType dbType, const + char *block = NULL; + PRBool libFound = PR_FALSE; + ++ if (dbname == NULL) { ++ return SECFailure; ++ } ++ + if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) { + return sftkdbCall_AddSecmodDB(appName, filename, dbname, module, rw); + } +Index: mozilla/security/nss/lib/softoken/sftkpars.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkpars.c,v +retrieving revision 1.11 +diff -p -u -r1.11 sftkpars.c +--- a/mozilla/security/nss/lib/softoken/sftkpars.c 18 Jun 2010 04:09:27 -0000 1.11 ++++ b/mozilla/security/nss/lib/softoken/sftkpars.c 2 Oct 2011 14:45:29 -0000 +@@ -607,6 +607,7 @@ sftk_getSecmodName(char *param, SDBType + char *value = NULL; + char *save_params = param; + const char *lconfigdir; ++ PRBool noModDB = PR_FALSE; + param = sftk_argStrip(param); + + +@@ -631,7 +632,10 @@ sftk_getSecmodName(char *param, SDBType + + if (sftk_argHasFlag("flags","noModDB",save_params)) { + /* there isn't a module db, don't load the legacy support */ ++ noModDB = PR_TRUE; + *dbType = SDB_SQL; ++ PORT_Free(*filename); ++ *filename = NULL; + *rw = PR_FALSE; + } + +@@ -640,7 +644,9 @@ sftk_getSecmodName(char *param, SDBType + secmodName="pkcs11.txt"; + } + +- if (lconfigdir) { ++ if (noModDB) { ++ value = NULL; ++ } else if (lconfigdir && lconfigdir[0] != '\0') { + value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName); + } else { + value = PR_smprintf("%s",secmodName); -- cgit v1.2.3